Techjoomla Forum

  1. Jari Martikainen
  2. Joomla REST API
  3. Saturday, 31 March 2018
I recently added the REST API to my dev site and I was wondering if there is a reason for the users plugin to spit out the password hash?

will output the password hash from the user object since it is not unset on line 363 in plugins/api/users/user/users.php:

// If we have an id try to fetch the user
if ($id = $input->get('id'))
$user = JUser::getInstance($id);
if (!$user->id)
$this->plugin->setResponse($this->getErrorResponse(JText::_( 'PLG_API_USERS_USER_NOT_FOUND_MESSAGE' )));

// Returns password hash unless unset below.
$model = new UsersModelUsers;
$users = $model->getItems();

foreach ($users as $k => $v)

You do not have permission to view the content of this accepted answer and replies.